ExtraHop Explore REST API Guide
Introduction to ExtraHop REST API
The ExtraHop REST application programming interface (API) enables you to automate administration and configuration tasks on your ExtraHop appliances. You can send requests to the ExtraHop API through a Representational State Transfer (REST) interface, which is accessed through resource URIs and standard HTTP methods.
You can automate administration tasks such as registering a new license or replacing the SSL certificate. And, on the Discover and Command appliances, you can automate configuration tasks, such as creating alerts, or writing triggers.
When a REST API request is sent over HTTPS to an ExtraHop appliance, that request is authenticated and then authorized through an API key. After authentication, the request is submitted to the ExtraHop system and the operation completes.
Each ExtraHop appliance provides access to the built in ExtraHop API Explorer tool, which enables you to view all of the available system resources, methods, properties, and parameters. The API Explorer tool also enables you to test out API calls directly on your ExtraHop appliance.
| Note: | This guide is intended for an audience that has a basic familiarity with software development and the ExtraHop system. |
ExtraHop API requirements
Before you can begin coding against the ExtraHop REST API or performing operations through the ExtraHop API Explorer, you must meet the following requirements:
- Your ExtraHop appliance must be configured to allow API key generation for the type of user you are (remote or local).
- You must have a user account with appropriate privileges set for the type of tasks you want to perform.
- You must have access to the ExtraHop appliance.
Get started
If you have a user account for your ExtraHop appliance, you can connect to the ExtraHop API Explorer and begin browsing through the available resources.
- From the Access Setting section, click API Access.
- On the API Access page, click REST API Explorer.
- Locate a resource you want and click List Operations to view all operations that you can perform on that resource.
- Click an operation name to view implementation information such as parameters, response class and messages, and JSON model and schema that are applicable to the operation.
Access and authenticate to the ExtraHop REST API
Administrators, or users with full system privileges, control whether users can generate API keys. For example, you can prevent remote users from generating keys or you can disable API key generation entirely. When this functionality is enabled, API keys are generated by users and can be viewed only by the user who generated the key.
After you generate an API key, you must append the key to your request headers. The following example shows a request that would retrieve metadata about the firmware running on the ExtraHop appliance:
curl -i -X GET --header "Accept: application/json" \ --header "Authorization: ExtraHop apikey=2bc07e55971d4c9a88d0bb4d29ecbb29" \ "https://<hostname-or-IP-of-your-ExtraHop-appliance>/api/v1/extrahop"
Manage API key access
Users with full system privileges can manage which users are able to generate API keys on the ExtraHop appliance.
- Log in to the ExtraHop Admin UI through the following URL: https://<hostname-or-IP-of-your-ExtraHop-appliance>/admin
- In the Access Settings section, click API Access.
-
In the Manage Access section, select one of the following
options:
- Allow All User Generated API Keys: Local and remote users can generate API keys.
- Local Users Only: Only local users can generate API keys.
- No API Keys Allowed: No API keys can be generated by any user.
- Click Save Settings.
Generate an API key
After you log into the Admin UI on the ExtraHop appliance, if API key generation is enabled, you can generate an API key.
Before you begin
Make sure the ExtraHop appliance and your user account are enabled to generate API keys.- In the Access Settings section, click API Access.
- In the Generate an API Key section, type a description for the new key, and then click Generate.
- Scroll down to the API Keys section, and copy the API key that matches your description.
Enable CORS for the ExtraHop REST API
Cross-origin resource sharing (CORS) allows you to access the ExtraHop REST API across domain-boundaries and from specified web pages without requiring the request to travel through a proxy server.
You can configure one or more allowed origins or you can allow access to the ExtraHop REST API from any origin. Only administrative users with full system privileges can view and edit CORS settings.
View CORS settings
- The list of URLs that can access the REST API.
- The status of the Allow API requests from any Origin option.
Add an allowed origin
You can configure one or more allowed origins or you can allow access to the ExtraHop REST API from any origin.
- In the Access Settings section, click API Access.
-
In the CORS Settings section, specify one of the following
access configurations.
- To add a specific URL, type an origin URL in the text box, and then
click the plus (+) icon or press ENTER.
The URL must include a scheme, such as HTTP or HTTPS, and the exact domain name. You cannot append a path; however, you can provide a port number.
- To allow access from any URL, select the Allow API requests
from any Origin checkbox.
Note: Allowing REST API access from any origin is less secure than providing a list of explicit origins.
- To add a specific URL, type an origin URL in the text box, and then
click the plus (+) icon or press ENTER.
- Click Save Settings and then click Done.
Delete an allowed origin
You can delete a URL from the list of allowed origins or disable access from all origins.
- In the Access Settings section, click API Access.
-
In the CORS Settings section, modify one of the following access
configurations.
- To delete a specific URL, click the delete (X) icon next to the origin you want to delete.
- To disable access from any URL, clear the Allow API requests from any Origin checkbox.
- Click Save Settings.
Learn about the ExtraHop API Explorer
The ExtraHop API Explorer is a web-based tool that enables you to view detailed information about the ExtraHop REST API resources, methods, parameters, properties, and error codes. Code samples are available in Python, cURL, and Ruby for each resource. You also can perform operations directly through the tool, which are performed on your ExtraHop and return information about your network.
| Note: | Be cautious when clicking the Try it out! button, because the operation is performed on your ExtraHop appliance. |
View resource information
Click on any resource group in the ExtraHop API Explorer to view information about the available operations and the expected URL syntax for the resource.
The following options enable you to manage the information displayed on the main page.
Show/Hide: Expands and collapses information about the resource.
List Operations: Expands information about the resource operations.
Expand Operations: Expands information about all of the resource operations. Clicking the method or path of the expanded operation will collapse the additional information.
View operation information
From the ExtraHop API Explorer, you can click on any operation to view additional configuration information for the resource.
The following table provides information about the sections available for resources in the API Explorer. Section availability varies by HTTP method; not all methods have all of the sections listed in the table.
| Section | Description |
|---|---|
| Implementation Notes | Provides all of the fields for the request body and supported values for each field. |
| Response Class | Provides the response code and type for successful requests. |
| Parameters | Provides information about the available query parameters. |
| Response Messages | Provides additional information about the possible HTTP status codes for the resource. |
| Model | Provides the JSON body objects and descriptions. |
| Model Schema | Provides the JSON body schema. Red text indicates user-defined text values. Green text indicates Boolean and number values. |
GET requests
GET requests retrieve information about the objects in the associated resource. You can request information about all of the objects in a resource or you can specify an object ID to retrieve detailed information about only that object.
Learn about the ExtraHop REST API
The ExtraHop REST API enables you to automate tasks for the ExtraHop Admin UI. In addition, you can view and try all of the available resources through the ExtraHop API Explorer and perform operations directly on your ExtraHop appliance.
ExtraHop API resources
You can perform operations on the following resources through the ExtraHop REST API. You also can view more detailed information about these resources, such as available HTTP methods, query parameters, and object properties in the ExtraHop API Explorer.
Appliance
The ExtraHop system consists of a network of connected appliances that perform tasks such as monitoring traffic, analyzing data, storing data, and detecting anomalies.
You can retrieve information about ExtraHop appliances connected to the local appliance and establish new connections to remote ExtraHop appliances.
| Note: | You can only establish a connection to a remote ExtraHop appliance that is licensed for the same edition as the local ExtraHop appliance. |
The following table displays all of the operations you can perform on this resource:
| Operation | Description |
|---|---|
| GET /appliances | Retrieve all remote ExtraHop appliances connected to the local appliance. |
| POST /appliances | Establish a new connection to a remote ExtraHop appliance. |
| GET /appliances/{id} | Retrieve a specific remote ExtraHop appliance connected to the local appliance. |
Implementation information and instructions for each operation are documented in the ExtraHop API Explorer. You can click on any operation in the ExtraHop API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.
APIKey
An API key enables a user to perform operations through the ExtraHop REST API.
You can generate the initial API key for the setup user account through the REST API. All other API keys are generated through the API Access page in the ExtraHop Admin UI.
The following table displays all of the operations you can perform on this resource:
| Operation | Description |
|---|---|
| GET /apikeys | Retrieve all API keys. |
| POST /apikeys | Create the initial API key for the setup user account. |
| GET /apikeys/{keyid} | Retrieve information about a specific API key. |
Implementation information and instructions for each operation are documented in the ExtraHop API Explorer. You can click on any operation in the ExtraHop API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.
ExtraHop
This resource provides metadata about the ExtraHop appliance, such as the firmware version or if the appliance is a Command appliance.
The following table displays all of the operations you can perform on this resource:
| Operation | Description |
|---|---|
| GET /extrahop | Retrieve metadata about the firmware running on the ExtraHop appliance. |
| GET /extrahop/idrac | Retrieve the iDRAC IP address of the ExtraHop appliance. |
| GET /extrahop/platform | Retrieve the platform name of the ExtraHop appliance. |
| GET /extrahop/processes | Retrieve a list of processes running on the ExtraHop appliance. |
| POST/extrahop/processes/{process}/restart | Restart a process running on the ExtraHop appliance. |
| POST /extrahop/sslcert | Regenerate the SSL certificate on the ExtraHop appliance. |
| PUT /extrahop/sslcert | Replace the SSL certificate on the ExtraHop appliance. |
| GET /extrahop/version | Retrieve the version of the firmware running on the ExtraHop appliance. |
Implementation information and instructions for each operation are documented in the ExtraHop API Explorer. You can click on any operation in the ExtraHop API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.
License
This resource enables you to retrieve and set product keys or to retrieve and set a license.
The following table displays all of the operations you can perform on this resource:
| Operation | Description |
|---|---|
| GET /license | Retrieve the license applied to this ExtraHop appliance. |
| PUT /license | Apply and register a new license to the ExtraHop appliance. |
| GET /license/productkey | Retrieve the product key to this ExtraHop appliance. |
| PUT /license/productkey | Apply the specified product key to the ExtraHop appliance and register the license. |
Implementation information and instructions for each operation are documented in the ExtraHop API Explorer. You can click on any operation in the ExtraHop API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.
Running config
The running configuration file is a JSON document that contains core system configuration information for the ExtraHop appliance.
The following table displays all of the operations you can perform on this resource:
| Operation | Description |
|---|---|
| GET /runningconfig | Retrieve the current running configuration file. |
| PUT /runningconfig | Replace the current running configuration file. Configuration file changes are not automatically saved. |
| POST /runningconfig/save | Save the current changes to the running configuration file. |
| GET /runningconfig/saved | Retrieve the saved running configuration file. |
Implementation information and instructions for each operation are documented in the ExtraHop API Explorer. You can click on any operation in the ExtraHop API Explorer to view implementation information such as parameters, response class and messages, and JSON model and schema.
Thank you for your feedback. Can we contact you to ask follow up questions?